We've set up a site-to-site VPN between our SA520 and our SmoothWall running at our data center. The tunnel is always connected, so that part runs fine.
What works fine:
- Client 192.168.11.1 is able to start an RDP session (on its default port 3389) to server 192.168.3.5
- Client 192.168.11.1 can open a webpage which is hosted on server 192.168.3.5 (hosted on the default HTTP port 80)
What doesn't work:
- Client cannot open web page which is hosted on server 192.168.3.1 at the following url: https://192.168.3.1:441
- or, for that matter, any https service in the 192.168.3.x LAN which runs on a different port
To summarize:
From the 192.168.11.x subnet, accessing services running on default ports (e.g. 80, 3389, 21) in the 192.168.3.x subnet works fine. When doing the same for services running on custom ports (e.g. HTTPS over port 441), the connection to the web server times out.
Thanks in advance for any help you may provide.
Glen
Hi Glen, thank you for using our forum. My name is Luis, and I am part of the Small Business Support community. In this case I think you should check your firewall settings in your SmoothWall. I advise you to create an ACL from the remote WAN to your LAN, or, if you want to be more specific, to the server's IP address. If the issue continues you should check the server's firewall as well.
I hope you find this answer useful.
Greetings,
Luis Arias.
Cisco Network Support Engineer.
Hi Luis,
Thank you for your reply. We've checked the SmoothWall configuration, but couldn't discover anything which could cause this problem. We even tried replacing the SA520 with a DrayTek Vigor router to set up a LAN-to-LAN VPN with the SmoothWall. With the DrayTek in place we have no problems accessing the aforementioned servers, so it seems the issue is with the SA520.
What exactly do you mean by creating an ACL from the remote WAN to our LAN? I assumed you meant creating a firewall rule allowing traffic from the remote device's public IP to our LAN. However, in that case I need to enter an IP address of a device in our LAN, or else I cannot save this rule. As a test I entered the IP address of my machine as the destination address, but am still unable to access the aforementioned servers.
Here's how I set up the rule:
from zone: UNSECURE (WAN/optional WAN)
to zone: LAN
service: ANY
action: ALLOW always
schedule: (not set)
source hosts: Single address
from: public IP of one of the aforementioned servers
source NAT settings > external IP address: WAN interface address (cannot change this setting)
source NAT settings > WAN interface: dedicated WAN (cannot change this setting)
destination NAT settings > internal IP address: 192.168.11.123 (IP address of my machine)
enable port forwarding: unchecked
translate port number: empty
external IP address: dedicated WAN
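Added here as an illustration of how to narrow down the symptom described in this thread (it is not code from the thread, from Cisco or from SmoothWall): a small Python probe that connects to each target over the tunnel and distinguishes a timeout, which means packets are silently dropped somewhere in the path, from a refused connection, which means the path is open and only the service or a reject rule is in the way. The target list is taken from the thread; the DEFAULT_PORTS set is an assumption about which ports a service-based firewall profile typically permits.

```python
import errno
import socket

# Sample targets taken from the thread (constructed list, not a live inventory).
TARGETS = [
    ("192.168.3.5", 3389),  # RDP on its default port: works
    ("192.168.3.5", 80),    # HTTP on its default port: works
    ("192.168.3.1", 441),   # HTTPS on a custom port: times out
]
# Assumption: ports a service-based firewall profile is likely to permit by default.
DEFAULT_PORTS = {21, 22, 25, 80, 443, 3389}


def probe(host, port, timeout=3.0):
    """One TCP connect, classified: 'open' (handshake done), 'refused' (RST came
    back, so the path is fine but nothing listens or a reject rule fired),
    'timeout' (no reply at all, packets dropped somewhere in the path),
    'unreachable' (routing failed before the tunnel), or 'error'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"
    finally:
        s.close()


def diagnose(results):
    """results: {(host, port): outcome}. Returns the failing targets plus a flag
    that is True only when every default-port target is open and every custom-port
    target timed out, i.e. the exact symptom described in the thread."""
    failed = {t: o for t, o in results.items() if o != "open"}
    default_ok = all(o == "open" for (_, p), o in results.items() if p in DEFAULT_PORTS)
    custom = {o for (_, p), o in results.items() if p not in DEFAULT_PORTS}
    return {"failed": failed,
            "only_custom_ports_dropped": default_ok and custom == {"timeout"}}


if __name__ == "__main__":
    outcomes = {(h, p): probe(h, p) for h, p in TARGETS}
    print(outcomes, diagnose(outcomes))
```

If the flag comes back True, the tunnel and routing are fine and the drop is port-selective, which points at a service-based rule (on the SA520 or the SmoothWall) rather than at the VPN itself.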